In FreeBSD 12.0-RELEASE before 12.0-RELEASE-p13, a missing check in the ipsec packet processor allows reinjection of an old packet to be accepted by the ipsec endpoint. Depending on the higher-level protocol in use over ipsec, this could allow an action to be repeated.
The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Freebsd | Freebsd | 12.0 (including) | 12.0 (including) |
| Freebsd | Freebsd | 12.0-p1 (including) | 12.0-p1 (including) |
| Freebsd | Freebsd | 12.0-p10 (including) | 12.0-p10 (including) |
| Freebsd | Freebsd | 12.0-p11 (including) | 12.0-p11 (including) |
| Freebsd | Freebsd | 12.0-p12 (including) | 12.0-p12 (including) |
| Freebsd | Freebsd | 12.0-p2 (including) | 12.0-p2 (including) |
| Freebsd | Freebsd | 12.0-p3 (including) | 12.0-p3 (including) |
| Freebsd | Freebsd | 12.0-p4 (including) | 12.0-p4 (including) |
| Freebsd | Freebsd | 12.0-p6 (including) | 12.0-p6 (including) |
| Freebsd | Freebsd | 12.0-p7 (including) | 12.0-p7 (including) |
| Freebsd | Freebsd | 12.0-p8 (including) | 12.0-p8 (including) |
| Freebsd | Freebsd | 12.0-p9 (including) | 12.0-p9 (including) |
| Kfreebsd-10 | Ubuntu | trusty | * |